Data Security happens to be the prime concern for law firms storing data offsite in the cloud. Speaking at the ALPMA’s Expert Panel Session “Technology for Law firms”, few of the legal industry analysts said that Cloud storage was like a boon for legal profession, provided the contractual agreements could carry risks, if ignored, particularly around data security.
Most of the participants involved in the conference believed that enterprise users should ensure that they must encrypt the data before passing out to the cloud in order to avoid any troubles.
Also a major portion of respondents involved in the ALPMA’s Expert Panel said that users should keep an eye on the contractual agreements which include exclusion of consequential loss by service providers’ and suppliers. If the liability for loss or corruption of data is excluded in the agreement, then the expert panel suggests the user to backup off from the agreement. They say that the common legal constructs that the user sees in the agreement could have significant ramifications one day.
Also 60% of the session attendees felt that location of data storage is another important thing to look out for. This is because it is important to know if and where the user data could be transferred to, so as to not breach any legislative frameworks or requirements that apply to material generated for particular clients.
For instance, in Australia, if Government data is involved, then the offsite data storage practices should go as per NSW State Records Act.
Note- the NSW State Records Act 1998 prohibits the unauthorized disposal of State Records. If any of the act rules are breached, a penalty of $5500 per unit is imposed.
So, for cloud storage providers who promise their clients that they will comply with all the local applicable laws in the agreement, but shift data to china, they can face the risk of being sued for breaching the agreement.
A final few points concluded in the session were that the cloud storage provider offering offsite data storage service for law firms should acknowledge their obligation to invest in improving their service over time.
And it is the user’s duty to check if the provider offers a back-up service that backs up your data and not just the application.
Finally, if the provider encrypts data, then they must ensure that users are given the ‘keys’ to decrypt the data when desired.